HIPAA Critical

This episode examines recent ransomware attacks affecting Brockton Hospital, Stockton Cardiology, and Rocky Mountain Care, alongside a Dutch supply chain breach impacting eleven hospitals. The hosts discuss the EvilTokens phishing kit that bypasses MFA through Microsoft 365 device code flow exploitation, and share practical defenses including conditional access policies, improved logging, and incident response planning. Key insights from the April Zoom social mixer cover monthly penetration testing, effective security awareness training, and AI adoption guardrails.

This episode examines recent cybersecurity incidents affecting healthcare organizations, including breaches at Intuitive Surgical, Nacogdoches Memorial Hospital, and Innovative Pharmacy Packaging Corp, alongside a sophisticated job scam targeting professionals. Key takeaways include the critical importance of phishing training, network monitoring, vendor risk assessments, and reducing detection dwell time. The discussion reinforces that most breaches stem from preventable issues like misconfigurations, blind spots, and social engineering vulnerabilities.

In this episode, Alex and Jen break down three recent cybersecurity incidents affecting healthcare and social services organizations: Microsoft Teams impersonation attacks targeting healthcare and financial sectors, fake AI apps harvesting credentials, and a ransomware breach at a nonprofit serving vulnerable populations. The discussion highlights how misconfigurations and overlooked security basics create exploitable gaps, and offers practical steps for locking down external communications, verifying app legitimacy, and strengthening defenses against ransomware.

In this episode, we break down recent healthcare cybersecurity incidents including the Navia benefits administrator breach affecting nearly three million individuals, ransomware attacks on Kettering Health and a US healthcare provider, and the Essen Medical Associates settlement. We examine common vulnerabilities across these cases—from inadequate privileged access monitoring to untested incident response plans—and discuss actionable steps organizations can take to strengthen their security posture. The key takeaway: most breaches stem from addressable gaps, and consistent attention to fundamentals remains the most effective defense.

In this episode, Alex and Jen break down the latest cybersecurity incidents affecting healthcare, including ransomware targeting community health organizations, phishing attacks leveraging trusted cloud platforms, MFA bypass techniques, and the exploitation of legitimate admin tools in cloud environments. The discussion emphasizes that most breaches stem from preventable configuration gaps and offers actionable guidance on endpoint protection, network segmentation, and phishing-resistant authentication methods.

Episode 68 features Aja Anderson, Paubox Customer Success Manager. 

Episode 67 features Aja Anderson, Paubox Customer Success Manager. 

Episode 66 of HIPAA Critical features an interview with Founder CEO, Hoala Greevy, about workflow automation. 

Episode 65 of HIPAA Critical recaps the HIPAA Breach Report details breaches from December 2021. 

Episode 64 of HIPAA Critical features an interview with Dave Ledoux, CIO of Innovive Health. 

Episode 63 of HIPAA Critical features a discussion with Aja Anderson on this month's Paubox HIPAA Breach Report. 

Episode 62 of HIPAA Critical features an interview with Hector Rodriguez, Principal Industry Specialist, Healthcare & Life Sciences - AWS

Episode 61 of HIPAA Critical features an interview with Su Bajaj, CTO of Compex Legal. 

Episode 60 of HIPAA Critical features an interview with Brian Fritton, CEO of Havoc Shield. 

Episode 59 of HIPAA Critical covers the Paubox HIPAA Breach Report for October 2021 and other cybersecurity trends with guest Aja Anderson, Paubox Customer Success Manager. 

Episode 58 of HIPAA Critical includes an interview with Matt Cooper, Cybersecurity & Data Privacy Principal at Vanta. 

Episode 57 of HIPAA Critical features an interview about AI with Paubox Founder CEO, Hoala Greevy. 

Episode 56 of HIPAA Critical features an interview with Sara Sosa, Director of Information Services at Vista Care. 

Episode 56 of HIPAA Critical welcomes back Paubox Customer Success Manager, Aja Anderson, to discuss the findings of the Paubox HIPAA Breach Report for September 2021.  

Episode 54 includes an interview with Jane Harper. Jane is the senior director, information security risk management and business engagement at Eli Lilly and Company. 

Episode 53 of the HIPAA Critical podcast features an interview with Anshul Pande, vice president and chief technology officer at Stanford Children's Health. 

Episode 52 of HIPAA Critical welcomes back Paubox Customer Success Manager, Aja Anderson, to discuss the findings of the Paubox HIPAA Breach Report for August 2021. 

Episode 51 of HIPAA Critical includes an interview with Dr. Eric Cole, a former CIA hacker and founder of Secure Anchor.Read the transcript here. More about Paubox: www.paubox.com 

Fred Kwong, CISO of Delta Dental is featured on episode 50 of HIPAA Critical.Read the full transcription here.  

Episode 49 covers the findings of the Paubox HIPAA Breach Report for July 2021. Aja Anderson, customer success manager at Paubox, joins the episode to discuss key trends, share insights, and give cybersecurity tips. 

Episode 48 of the HIPAA Critical Podcast includes an interview with Todd Pang, president and co-owner of Caring Manoa. 

The challenges of 2020 are still lingering in many industries we might be in a new year. But the effects of the covid-19 pandemic reach far and wide. The way we work and the way business operated changed dramatically and almost overnight. Jeff Karlsson is on today's episode. Jeff is the chief operating officer of Divergent Business Consulting, a Salesforce and financial consulting company. Jeff and Sierra Langston sit down to discuss the COVID-19 pandemic, how to force change across many industries, and emerging healthcare trends. 

Elderly care organizations need to comply with HIPAA regulations and security rules, especially if they deal with their patient's medications, doctors, or other sensitive information. What is the best way for these types of organizations to approach HIPAA compliance and secure data? How do we keep the most vulnerable members of our society safe from bad actors? John Benbrook, president of Oasis Senior Partners, and Paul Giovacchini, enterprise customer success manager at Paubox, join Sierra Langston on today's episode to discuss HIPAA compliance training, assessing risk management, and unencrypted data vulnerabilities.

Cybersecurity protocols and practices will never be a one-size-fits-all solution. Different industries have different requirements for compliance. Healthcare has vague but vast security rules to follow under HIPAA. So how do organizations stay ahead of the cybersecurity curve?Greg Reber, Founder and CEO, of AsTech Consulting, is with us on today's episode. He and Sierra Langston discuss the changes and challenges in cybersecurity, including implementing solutions that meet regulatory standards, the evolving threat landscape, and how information sharing is a key to the future of cybersecurity.

With more than 500 reported HIPAA breaches in the last year, why are healthcare organizations slow to update their cybersecurity protocols and technology stacks? Is it possible for the healthcare industry to get ahead of bad actors? Today, Sierra Langston speaks with Jared Vinson, director of cybersecurity at Hill Country Tech Guys on all things healthcare security, including phishing scams, best practices, and the aftermath of a HIPAA breach.

The healthcare industry is slow to change and, at times, even slower to embrace innovation. Fax machines, patient portals, and complicated compliance solutions are everywhere. The challenges of these outdated and vulnerable technologies only make data breaches, HIPAA fines, and cybersecurity threats more prevalent.  On today's episode, Sierra Langston and Michael Mead of The Medical Cost Savings Solution discuss HIPAA compliance, healthcare industry challenges, and unencrypted data transfers.

Almost overnight, the pandemic changed telehealth and how our most vulnerable populations receive the medical care they desperately need.  As many Americans start to take care of their aging parents at home or through an elder care center, they find navigating the complicated world of HIPAA and the American healthcare system to be confusing, expensive, and daunting. On today's episode, Paubox Founder and CEO, Hoala Greevy, interviews Bonnie Castonguay, co-founder of Ho'okele Health on the effects COVID-19 has on in-home care, the positive changes telehealth has brought to her clients and their families, and how easy Paubox has made HIPAA compliance for her company. 

If you work in healthcare, you know what HIPAA is, but do you and your organization understand how to maintain HIPAA compliance regarding email security and encryption? Is HIPAA compliance a “one size fits all” situation? How do organizations keep their employees and their partners compliant and safe?Today Sierra Langston sits down with Eoin Gregory of Family Billing Solutions and Travis Taylor of Paubox to discuss email encryption, the HHS Wall of Shame, and how to keep your staff, partners, and yourself educated on the vague but vast world of HIPAA compliance.

What is medical cost-sharing? Is it the future of healthcare? What can modern healthcare learn from this historical industry? In this episode, Sierra Langston sits down with Ken Dabkowski, Senior Project Manager of Sedera, to discuss medical cost-sharing and Sedera's IT and cybersecurity stack.

In this episode, you'll hear Sierra Langston, marketing manager, and Hannah Trum, marketing specialist, give their top takeaways from Paubox Spring Summit, Secure Communication During a Pandemic. Panelists from this event include:Hoala Greevy, Founder CEO, PauboxAnshul Pande, Vice President, and Chief Technology Officer, Stanford Children's HealthChris Lindley, Chief Population Health Officer, Vail HealthJulie Jackson, Director Applications and Informatics, Vail HealthSusan Ibáñez, Chief Information Officer, Vail HealthPaddy Padmanabhan, CEO, Damo Consulting, Inc.Aaron Collins, System Administrator, Developmental Center of the OzarkBrian Kline, Principal, Webb AdamsDan Dorszynski, Software Engineer, PauboxHoward Rosen, MBA, CEO & Founder, LifeWIREMatthew Wallace, Vice President of Strategic Initiatives and Partnerships, Easterseals LouisianaMichael Mead, BCPA, Chief Operating Officer, The Medical Cost Savings SolutionMichael Parisi, Vice President, Business Development & Adoption, HITRUSTNick Wong, Email API Specialist, PauboxTony UcedaVélez, CEO & Founder, VerSpriteFor a full recap of Paubox Spring Summit, click here. For more information about Paubox Spring Summit, click here. 

You may be asking yourself what threat modeling is and why it is important?In this episode, that is what you are going to find out. Healthcare has been under attack for a slew of reasons for the past 10 years. Threat modeling, very simply put, is a way to model threats. Whether you are in healthcare tech or an insurance provider, there is a benefit to understanding who your adversaries are and where you are vulnerable to threat actors.Today we are speaking with Tony UcedaVélez, founder and CEO of the security consulting firm VerSprite, based in Atlanta. 

Have you ever wondered how to streamline HITRUST, SOC 2 as well as other certifications and attestations?Well, in this episode, that is what you will find out.We’re going to explain how to streamline the process of developing policies and procedures, how to conduct a gap assessment & risk assessment, how to facilitate incident response exercises, how to upload evidence and meet with auditors.

Today, we're talking with Anya Schiess, Co-founder and General Partner of Healthy Ventures. She will shed light on a variety of topics such as challenges for health systems, why modern data architecture is important, FinTech, and what is on the horizon for healthcare.

Ransomware, malware, phishing attacks, and PHI email breaches continue to spike in 2021.Malware, the malicious software, is built to exploit chinks in the armor of our operating systems. This can involve pop-up ads or using it as part of a distributed denial-of-service attack.This is why HIPAA Compliant training is so important.Have you ever wondered how other healthcare organizations are training their team on HIPAA Compliance or protecting their email?Well, in this episode, that is what you will find out.Elena Yau, Director of IT and HIPAA Security Officer at FiveAcres is going to give you an in-depth look at their HIPAA compliance processes and procedures.

Have you ever wondered how to mitigate the vulnerabilities that stem from IoT.Well, in this episode, that is what you will find out.We’re going to provide you with common vulnerabilities and current risks with devices that you use every day. Smartwatches and modern cars to name a few. Today, we have Bruce Snell, Global Vice President of Cybersecurity Strategy and Transformation at NTT Security, to discuss this topic in greater detail.

Have you ever wondered how other businesses and practices are overcoming the challenges of maintaining HIPAA Compliance?Well, in this episode, that is what you’ll find out. Amongst the slew of HIPAA violations such as lack of employee training, medical record mishandling, hacking and malware, improper disposal of PHI, lies one HIPAA violation that we will be discussing in great detail, using nonsecure technology to share PHI.Matthew Wallace, Vice President of Strategic Initiatives and Partnerships at Easterseals Louisiana is going to fill us in on how they are able to maintain HIPAA compliance and what they have changed within their business because of COVID.

The Internet of Things is transforming healthcare from telemedicine to augmented reality to AI. All systems, network mobility, collaboration, security etiquette need to connect and work together. Have you ever wondered how to mitigate the vulnerabilities that stem from IoT? Well, in this episode, that is what you will find out. We're going to give you key points for building or maintaining your overall cybersecurity strategy, as well as provide examples of how IoT is a real and growing force in healthcare.

Have you ever wondered how you may be leaving yourself open for a data breach? Well, in this episode, that is what we will be covering. We’re going to give you an overview of the biggest threats in Healthcare right now and provide examples of how you may be vulnerable to a threat actor. Aaron Collins, System Administrator for the Developmental Center of the Ozarks, will discuss these topics in greater detail.

Have you ever wondered how an Email API can be beneficial for Healthcare businesses and covered entities? Well, in this episode, that’s what you’ll find out. We’re going to give you an overview of why healthcare businesses choose an Email API in general and, more specifically, how an Email API can be utilized for contact tracing.

In this episode, we’re going to give you 5 tips to ensure you are protected from cybercriminals while working from home and dive into new threats and trends in the Healthcare industry.

Have you ever wondered how to maintain HIPAA compliance within your task management platforms? In this episode, that's what you are going to find out and a whole lot more. Whether you are in IT, a physician, or on the administrative side, this podcast is for you.

Are you wondering how practices are offering Telehealth options to their patients? Or making money during COVID? Well, in this episode, that's exactly what you'll find out. Mental health and wellness during the COVID-19 pandemic has changed significantly. We will delve deeper into this with Maegan Megginson, Certified Sex Therapist, from The Center for Couples and Sex Therapy.

In this episode, we're going to give you an overview of the Email API solution process using contact-tracing and COVID test result delivery applications. By the end, you'll know more about contact tracing, specifically, and how to utilize an Email API solution.

A new report shows only half of Healthcare Providers are meeting NIST Standards, Premera Blue Cross pays a hefty fine to the Office of Civil Rights, and more details on October's Paubox SECURE@ Home Virtual Conference...it's free to join the conference.

This week on the HIPAA Critical Podcast, Hoala Greevy chats about working remotely from Alaska, details on Paubox SECURE, and how you can attend for free. We also discuss HIPAA violations, ransomware, and phishing attacks, and Punahou School is another Paubox success story to share.

Tesla thwarted a ransomware attack and is making global headlines. We discuss lures and seven ransomware red flags. Henderson Behavioral Health is winning, and UCSF pays more than a million dollars to hackers. Anders Norremo from ThirdPartyTrust chats about his unique platform and Third-party Risk Management.